REMARKS

This is in response to the Office Action mailed on October 5, 2005. With this Amendment,
claims 1, 4-8, 10-13, 16, 18, and 22-23 are amended. Claims 1-8, 10-13 and 15-26 are pending in this
application.

Allowable Subject Matter 

Applicant gratefully acknowledges that claim 10 was indicated to be allowable if rewritten
in independent form. With this Amendment, Applicant has chosen to maintain the dependency of claim 10
from independent claim 1, because claim 1 is also in condition for allowance.

Claim Rejections - 35 U.S.C. § 112

In the Office Action, claim 1 was rejected under 35 U.S.C. § 112, second paragraph, for
lack of antecedent basis for the phrase "the data store" in line 4. With this amendment claim 1 has been
amended to provide the proper antecedent basis.

Claim Rejections - 35 U.S.C. § 103

In the Office Action, claims 1-8, 11-13 and 15-26 were rejected under 35 U.S.C. § 103(a)
as being obvious over various combinations of the Moriconi patent (U.S. Patent No. 6,158,101), the
Goldberg patent (U.S. Patent No. 5,748,890), the Wu patent (U.S. Patent No. 5,774,551), the Boitana
patent (U.S. Patent No. 5,305,456), and the Kausik patent (U.S. Patent No. 6,263,446). With this
amendment, claims 1, 4-8, 10-13, 16, 18, and 22-23 have been amended.

System claims 18-22 of the present application lay out the general structure of the computer
security system. An understanding of the general structure of the computer system is useful to highlight the
differences between the present invention and the prior art. As a result, the discussion below begins with
a discussion of system claims 18-22 and is then followed by a discussion of method claims 1-8, 10-13, 15-17,
and 23-26.

I. System Claims 18-22

In the Office Action, claim 18 was rejected under 35 U.S.C. § 103(a) as being obvious
over the combination of the Boitana patent in view of the Goldberg patent. However, neither the Boitana
patent nor the Goldberg patent individually or in combination teach or suggest all of the claim limitations.

Claim 18 now includes: (1) a plurality of computer workstations, (2) a plurality of security
providers, (3) a plurality of authentication/authorization managers, and (4) a plurality of security brokers.
The claim also provides a description of each of these features. Each computer workstation has an
operating system and a software application installed, and the software application contains an
embedded component. The plurality of security providers are for receiving permissions requests,
authenticating a computer user, and authorizing permissions available to the computer user. In addition,
each security provider has a security data store containing data related to authentication and authorization.
The plurality of authentication/authorization managers are each associated with one of the security
providers, for querying the security providers to authenticate the computer user and authorize permissions
available to the computer user. The plurality of security brokers perform a number of functions. They
receive permissions requests from the workstations, route permissions requests to one of the
authentication/authorization managers, and pass authorized permissions to the workstations. Each security
broker is a computer in network communication with the computer workstations and the security providers.
Additionally, claim 18 defines some of the communication capabilities between the elements of the computer
security system. Specifically, each computer workstation is capable of communicating with each security
broker. In addition, each security broker is capable of communicating with each security provider through
the associated authentication/authorization manager.

The Boitana patent does not teach or suggest either a plurality of security brokers or a
plurality of security providers. The Office Action suggests that Boitana does teach a plurality of security
providers and cites column 6, lines 15-25 in support of this proposition. However, column 6, lines 15-25
say nothing of a plurality of security providers. The system of the Boitana patent is illustrated in Fig. 5. The
system includes three primary computers: a local mainframe 61, and two networked computers (remote
mainframe and networked PC/LAN). The only security system software operating in the system is
operating systems security software 51 located on local mainframe 61. As a result it appears that all
security functions are provided by the single computer, which can also be used by remote applications.
If for any reason local mainframe 61 were to go down, the entire system would be inoperable. There is
no teaching or suggestion in the Boitana patent to modify the system to provide a plurality of security
providers.

The Boitana patent does not teach or suggest one or a plurality of security brokers. The
function and structure of a security broker is defined in claim 18 and above. The Office Action suggests
that Boitana does teach a security broker and cites to the specification at column 7, line 67-column 8, line
9 and references intermediate security transactions in Fig. 6. Neither of these teach or suggest a security
broker. Fig. 6 illustrates conversion utilities including an application specific "application interpreter utility"
73 and a "grouping utility" 77. The conversion utilities convert application security definitions 71 into a
variety of security profiles, security rules, and security groups 79. Neither of these conversion utilities are
security brokers, nor do they perform the functions of a security broker.

In addition, claim 18 states that each security broker is a computer in network 
communication with the computer workstations and the security providers. The system of the Boitana 
patent does not disclose a security broker being a computer in network communication with the computer 
workstations and the security providers. 

Therefore, in order to maintain the rejection of claim 18 under § 103(a) one or more
additional references must be provided to supply the deficiencies of the Boitana patent. In addition, there
must be some suggestion or motivation to modify the Boitana patent.

The Office Action suggests that the Goldberg patent supplies the deficiencies at column 7,
lines 4-27 and lines 41-49. However, the Goldberg patent does not teach or suggest a plurality of security
brokers nor a plurality of security providers.

The system of the Goldberg patent is illustrated in Fig. 2. The system includes a single
workstation 18, which includes launcher 32 and data storage 30. The workstation is connected to a
number of non-natively secured applications 20 (labeled as "host" applications) via intranet 24. When a
user desires to access one of host applications 20 they request access via launcher 32 operating on
workstation 18. Workstation 18 utilizes data store 30 and enterprise log-in database 28 to determine
access rights for applications 20. Therefore, it can be seen that the structure and operation of the Goldberg
security system is much different than that defined in claim 18. Nowhere is there a teaching or suggestion
for a plurality of security brokers for receiving permissions requests from the workstations, routing
permissions requests to one of the authentication/authorization managers, and passing authorized
permissions to the workstations. There is no teaching or suggestion of a security broker being a computer
in network communication with the computer workstations and the security providers. There is also no
teaching or suggestion of a plurality of security providers, but rather a single security system operating on
workstation 18. Therefore, the rejection of claim 18 under 35 U.S.C. § 103(a) should be withdrawn
because neither the Boitana nor the Goldberg patents teach or suggest each and every element of claim 18.

Dependent claims 19-22 all depend from allowable independent claim 18 and are therefore
allowable.

II. Method Claims 1-8, 10-13, 15-17, and 23-26

In the Office Action independent claims 1 and 13 were rejected under 35 U.S.C. § 103(a)
as being obvious over the combination of the Moriconi patent and the Goldberg patent. With this
Amendment, claim 1 has been amended to provide proper antecedent basis for the phrase "the data store,"
as described above, as well as to make a number of other modifications. Neither the Moriconi patent nor
the Goldberg patent teach or suggest each and every element of independent claim 1. For example, the
elements of claim 1 involving the operation of a security broker or a security provider are not taught or
suggested by the Moriconi patent or the Goldberg patent because neither of these contain a security broker
or a plurality of security providers.

Claim 1 recites a method for providing computer application security including determining
access rights to secured resources. Determining access rights includes: (1) receiving a permissions request
from a work station and routing the permissions request to one of a plurality of security providers with one
of the security brokers, (2) authenticating a computer user as a valid user with one of the security providers,
and (3) authorizing the user to access one of the secured resources with one of a plurality of security
providers. The Office Action asserts that these features of independent claim 1 are disclosed in the
Goldberg patent. Specifically, the Office Action cites the specification of the Goldberg patent at column
6, lines 51-54 and column 7, lines 4-17. However, these steps of determining access rights involving a
plurality of security providers and a plurality of security brokers are not taught by the Goldberg patent
because the Goldberg patent does not include these components. The Goldberg patent includes a
workstation 18, which accesses data store 30 and enterprise log-in database 28 to determine all access
rights and privileges for a user interacting with workstation 18. The system of the Goldberg patent does
not describe a method of determining access rights comprising receiving a permissions request from a work
station and routing the permissions request to one of a plurality of security providers with one of the security
brokers. It also does not describe authenticating a computer user as a valid user with one of the security
providers. And finally, it does not describe authorizing the user to access one of the secured resources with
one of a plurality of security providers. Because these features of independent claim 1 are not taught or
described by either the Moriconi patent or the Goldberg patent, claim 1 is in condition for allowance.

Claim 13 recites a method for providing computer security including determining access
privileges to a plurality of resources. The method includes authenticating a user on the system with one of
a plurality of security providers, authorizing access rights to the secured resources in the software
application with one of a plurality of security providers, and receiving a permissions request from one of
a plurality of workstations and routing the permissions request to one of the security providers with one of
a plurality of security brokers.

The Office Action suggests that these features are disclosed by the Goldberg patent, such
as at column 6, lines 51-54 and column 7, lines 4-17. However, the Goldberg patent does not teach or
suggest a plurality of security brokers or a plurality of security providers that perform the steps for
determining access privileges to a plurality of resources, as described above. Therefore, claim 13 is in
condition for allowance.

In the Office Action, independent claim 23 was rejected under 35 U.S.C. § 103(a) as
being obvious over the combination of the Boitana patent and the Goldberg patent. The structure and
operation of the Boitana patent and the Goldberg patent were described above with reference to the
rejection of independent claim 18.

Claim 23 is directed toward a process for authorizing access rights to secured resources 
in a software application. Among other things, the claim includes method steps involving the operation of 
a security provider and a security broker. Neither the Boitana patent nor the Goldberg patent teach or 
suggest a plurality of security providers or a security broker and therefore, claim 23 is in condition for 
allowance. 

Dependent claims 2-8, 10-12, 15-17, and 24-26 all depend from allowable independent
claims 1, 3, or 23 and are therefore also allowable.

CONCLUSION 

In view of the foregoing, this application containing pending claims 1-8, 10-13, and 15-26
is in condition for allowance. Reconsideration and notice to that effect is respectfully requested.

Respectfully submitted,
KINNEY & LANGE, P.A.